Connecting JIRA to Active Directory over LDAPS fails with "Connection reset"
This article only applies to Atlassian's server products.
When setting up an Active Directory connection in JIRA over LDAPS (Secure LDAP), the synchronization fails with the error message below.
2015-06-20 17:36:28,373 atlassian-scheduler-quartz1.clustered_Worker-3 ERROR [atlassian.scheduler.core.JobLauncher] Scheduled job with ID 'com.atlassian.jira.crowd.embedded.JiraDirectoryPollerManager.10401' failed org.springframework.ldap.CommunicationException: 192.168.1.100:636; nested exception is javax.naming.CommunicationException: 192.168.1.100:636 [Root exception is java.net.SocketException: Connection reset]
- Active Directory 2012 (and R2) connected over LDAPS;
- Java 8;
Other environments might be affected as well. If you face this problem in a different environment, please share your environment specifications in the comments.
- Analyzing a tcpdump generated during the synchronization attempt will show multiple RST packets sent by the AD server;
By default, JIRA only uses pooled connections when connecting to a directory server over LDAP. Enabling SSL causes it to disable the pooling, resulting in poorer performance and failures due to connection resets.
To work around the problem, we can enable pooling for SSL connections by adding the argument below to JIRA's startup options.
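A quick way to check both halves of this diagnosis, as an added example that is not Atlassian's code: it counts poller failures with this signature per directory server and reports whether a JVM's arguments let JNDI pool SSL connections. It assumes the controlling switch is the JDK's `com.sun.jndi.ldap.connect.pool.protocol` system property (JDK default `plain`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Atlassian's code: triage for the LDAPS sync failure.

# Print "count host:port" for directory-poller jobs that failed with a socket
# reset, most frequent first. $1 = path to a JIRA application log.
ldaps_resets() {
    grep 'JiraDirectoryPollerManager' "$1" |
        grep 'SocketException: Connection reset' |
        sed -n 's/.*CommunicationException: \([^; ]*:[0-9][0-9]*\);.*/\1/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print the connection types JNDI may pool. Reads JVM arguments one per line
# on stdin, e.g. from: tr '\0' '\n' < /proc/<jira-pid>/cmdline (Linux).
# Assumption: the switch is the JDK property below, whose default is "plain".
pool_protocols() {
    v=$(sed -n 's/^-Dcom\.sun\.jndi\.ldap\.connect\.pool\.protocol=//p' | tail -n 1)
    printf '%s\n' "${v:-plain}"
}

# Succeed only when "ssl" is among the pooled connection types.
pools_ssl() {
    case " $(pool_protocols) " in
        *' ssl '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo: the log line quoted in this article, then constructed JVM arguments.
sample=$(mktemp)
cat > "$sample" <<'EOF'
2015-06-20 17:36:28,373 atlassian-scheduler-quartz1.clustered_Worker-3 ERROR [atlassian.scheduler.core.JobLauncher] Scheduled job with ID 'com.atlassian.jira.crowd.embedded.JiraDirectoryPollerManager.10401' failed org.springframework.ldap.CommunicationException: 192.168.1.100:636; nested exception is javax.naming.CommunicationException: 192.168.1.100:636 [Root exception is java.net.SocketException: Connection reset]
EOF
ldaps_resets "$sample"
printf '%s\n' '-Xms1g' | pools_ssl || echo 'LDAPS connections are not pooled'
printf '%s\n' '-Xms1g' '-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl' |
    pools_ssl && echo 'LDAPS connections are pooled'
rm -f "$sample"
```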